Where can I find a web-project "security checklist?" [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.

Closed 3 years ago.

I'm looking for a complete list of security guidelines for programming and deploying PHP web sites and applications on an Apache (Linux) server. Basically, a "security check list" to run through before finishing a project. I.e.,

  1. Cross Site Scripting
  2. Cross Site Request Forgery
  3. Sanitize form data that goes into database
  4. Disable register globals and error reporting in custom php.ini
  5. Upload files below web root ...(the list goes on)

I did some searching on the internet and in this forum, but couldn't find a comprehensive, succinct, and complete list of guidelines.

Thanks in advance.


I'd say you should find plenty of information on the OWASP website on the matter of vulnerabilities in web applications, and information on how to help make yours more secure.

(But there is so much to say about that subject that you might actually get "more" information than you'd first like...)


Check out this link "Seven habits for writing secure PHP applications":

http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html

The IBM articles are always very useful, thanks.

PS: also this "Recommended PHP reading list"

http://www.ibm.com/developerworks/opensource/library/os-php-read/#security


I think there are two main categories, which should be considered:

Configuration & installation (for example): http://aymanh.com/checklist-for-securing-php-configuration

Programming (example): http://www.jemjabella.co.uk/blog/php-security-checklist

Other ideas?


Take a look at OWASP’s Development Guide.
